C#: Normalize model ids (provides more stable test output).

Author: michaelnebel

csharp/test/TestUtilities/PrettyPrintModels.ql

@@ -0,0 +1,11 @@
+/**
+ * @kind test-postprocess
+ */
+
+import semmle.code.csharp.dataflow.internal.ExternalFlow
+import codeql.dataflow.test.ProvenancePathGraph
+import codeql.dataflow.test.ProvenancePathGraph::TestPostProcessing::TranslateProvenanceResults<interpretModelForTest/2>
+
+from string relation, int row, int column, string data
+where results(relation, row, column, data)
+select relation, row, column, data

csharp/test/security/CWE-328/WeakHashingAlgorithms.qlref

@@ -1 +1,2 @@
-security/CWE-328/WeakHashingAlgorithms.ql
+query: security/CWE-328/WeakHashingAlgorithms.ql
+postprocess: TestUtilities/PrettyPrintModels.ql

csharp/test/security/CWE-328/WeakPasswordHashing.expected

@@ -1,13 +1,19 @@
+#select
+| WeakHashingAlgorithms.cs:53:42:53:46 | access to local variable bytes | WeakHashingAlgorithms.cs:52:50:52:57 | access to parameter password : String | WeakHashingAlgorithms.cs:53:42:53:46 | access to local variable bytes | Insecure hashing algorithm (MD5) depends on $@. | WeakHashingAlgorithms.cs:52:50:52:57 | access to parameter password | password (access to parameter password) |
+| WeakHashingAlgorithms.cs:66:43:66:47 | access to local variable bytes | WeakHashingAlgorithms.cs:65:50:65:57 | access to parameter password : String | WeakHashingAlgorithms.cs:66:43:66:47 | access to local variable bytes | Insecure hashing algorithm (SHA1) depends on $@. | WeakHashingAlgorithms.cs:65:50:65:57 | access to parameter password | password (access to parameter password) |
+| WeakHashingAlgorithms.cs:79:45:79:49 | access to local variable bytes | WeakHashingAlgorithms.cs:78:50:78:57 | access to parameter password : String | WeakHashingAlgorithms.cs:79:45:79:49 | access to local variable bytes | Insecure hashing algorithm (SHA512) depends on $@. | WeakHashingAlgorithms.cs:78:50:78:57 | access to parameter password | password (access to parameter password) |
 edges
 | WeakHashingAlgorithms.cs:52:16:52:20 | access to local variable bytes : Byte[] | WeakHashingAlgorithms.cs:53:42:53:46 | access to local variable bytes | provenance |  |
 | WeakHashingAlgorithms.cs:52:24:52:58 | call to method GetBytes : Byte[] | WeakHashingAlgorithms.cs:52:16:52:20 | access to local variable bytes : Byte[] | provenance |  |
-| WeakHashingAlgorithms.cs:52:50:52:57 | access to parameter password : String | WeakHashingAlgorithms.cs:52:24:52:58 | call to method GetBytes : Byte[] | provenance | MaD:1869 |
+| WeakHashingAlgorithms.cs:52:50:52:57 | access to parameter password : String | WeakHashingAlgorithms.cs:52:24:52:58 | call to method GetBytes : Byte[] | provenance | MaD:1 |
 | WeakHashingAlgorithms.cs:65:16:65:20 | access to local variable bytes : Byte[] | WeakHashingAlgorithms.cs:66:43:66:47 | access to local variable bytes | provenance |  |
 | WeakHashingAlgorithms.cs:65:24:65:58 | call to method GetBytes : Byte[] | WeakHashingAlgorithms.cs:65:16:65:20 | access to local variable bytes : Byte[] | provenance |  |
-| WeakHashingAlgorithms.cs:65:50:65:57 | access to parameter password : String | WeakHashingAlgorithms.cs:65:24:65:58 | call to method GetBytes : Byte[] | provenance | MaD:1869 |
+| WeakHashingAlgorithms.cs:65:50:65:57 | access to parameter password : String | WeakHashingAlgorithms.cs:65:24:65:58 | call to method GetBytes : Byte[] | provenance | MaD:1 |
 | WeakHashingAlgorithms.cs:78:16:78:20 | access to local variable bytes : Byte[] | WeakHashingAlgorithms.cs:79:45:79:49 | access to local variable bytes | provenance |  |
 | WeakHashingAlgorithms.cs:78:24:78:58 | call to method GetBytes : Byte[] | WeakHashingAlgorithms.cs:78:16:78:20 | access to local variable bytes : Byte[] | provenance |  |
-| WeakHashingAlgorithms.cs:78:50:78:57 | access to parameter password : String | WeakHashingAlgorithms.cs:78:24:78:58 | call to method GetBytes : Byte[] | provenance | MaD:1869 |
+| WeakHashingAlgorithms.cs:78:50:78:57 | access to parameter password : String | WeakHashingAlgorithms.cs:78:24:78:58 | call to method GetBytes : Byte[] | provenance | MaD:1 |
+models
+| 1 | Summary: System.Text; Encoding; true; GetBytes; (System.String); ; Argument[0]; ReturnValue; taint; manual |
 nodes
 | WeakHashingAlgorithms.cs:52:16:52:20 | access to local variable bytes : Byte[] | semmle.label | access to local variable bytes : Byte[] |
 | WeakHashingAlgorithms.cs:52:24:52:58 | call to method GetBytes : Byte[] | semmle.label | call to method GetBytes : Byte[] |
@@ -22,7 +28,3 @@ nodes
 | WeakHashingAlgorithms.cs:78:50:78:57 | access to parameter password : String | semmle.label | access to parameter password : String |
 | WeakHashingAlgorithms.cs:79:45:79:49 | access to local variable bytes | semmle.label | access to local variable bytes |
 subpaths
-#select
-| WeakHashingAlgorithms.cs:53:42:53:46 | access to local variable bytes | WeakHashingAlgorithms.cs:52:50:52:57 | access to parameter password : String | WeakHashingAlgorithms.cs:53:42:53:46 | access to local variable bytes | Insecure hashing algorithm (MD5) depends on $@. | WeakHashingAlgorithms.cs:52:50:52:57 | access to parameter password | password (access to parameter password) |
-| WeakHashingAlgorithms.cs:66:43:66:47 | access to local variable bytes | WeakHashingAlgorithms.cs:65:50:65:57 | access to parameter password : String | WeakHashingAlgorithms.cs:66:43:66:47 | access to local variable bytes | Insecure hashing algorithm (SHA1) depends on $@. | WeakHashingAlgorithms.cs:65:50:65:57 | access to parameter password | password (access to parameter password) |
-| WeakHashingAlgorithms.cs:79:45:79:49 | access to local variable bytes | WeakHashingAlgorithms.cs:78:50:78:57 | access to parameter password : String | WeakHashingAlgorithms.cs:79:45:79:49 | access to local variable bytes | Insecure hashing algorithm (SHA512) depends on $@. | WeakHashingAlgorithms.cs:78:50:78:57 | access to parameter password | password (access to parameter password) |

csharp/test/security/CWE-328/WeakPasswordHashing.qlref

@@ -1 +1,2 @@
-security/CWE-328/WeakPasswordHashing.ql
+query: security/CWE-328/WeakPasswordHashing.ql
+postprocess: TestUtilities/PrettyPrintModels.ql

csharp/test/security/CWE-328/WeakSensitiveDataHashing.expected

@@ -1,10 +1,15 @@
+#select
+| WeakHashingAlgorithms.cs:53:42:53:46 | access to local variable bytes | WeakHashingAlgorithms.cs:52:50:52:57 | access to parameter password : String | WeakHashingAlgorithms.cs:53:42:53:46 | access to local variable bytes | Insecure hashing algorithm (MD5) depends on $@. | WeakHashingAlgorithms.cs:52:50:52:57 | access to parameter password | sensitive data (access to parameter password) |
+| WeakHashingAlgorithms.cs:66:43:66:47 | access to local variable bytes | WeakHashingAlgorithms.cs:65:50:65:57 | access to parameter password : String | WeakHashingAlgorithms.cs:66:43:66:47 | access to local variable bytes | Insecure hashing algorithm (SHA1) depends on $@. | WeakHashingAlgorithms.cs:65:50:65:57 | access to parameter password | sensitive data (access to parameter password) |
 edges
 | WeakHashingAlgorithms.cs:52:16:52:20 | access to local variable bytes : Byte[] | WeakHashingAlgorithms.cs:53:42:53:46 | access to local variable bytes | provenance |  |
 | WeakHashingAlgorithms.cs:52:24:52:58 | call to method GetBytes : Byte[] | WeakHashingAlgorithms.cs:52:16:52:20 | access to local variable bytes : Byte[] | provenance |  |
-| WeakHashingAlgorithms.cs:52:50:52:57 | access to parameter password : String | WeakHashingAlgorithms.cs:52:24:52:58 | call to method GetBytes : Byte[] | provenance | MaD:1869 |
+| WeakHashingAlgorithms.cs:52:50:52:57 | access to parameter password : String | WeakHashingAlgorithms.cs:52:24:52:58 | call to method GetBytes : Byte[] | provenance | MaD:1 |
 | WeakHashingAlgorithms.cs:65:16:65:20 | access to local variable bytes : Byte[] | WeakHashingAlgorithms.cs:66:43:66:47 | access to local variable bytes | provenance |  |
 | WeakHashingAlgorithms.cs:65:24:65:58 | call to method GetBytes : Byte[] | WeakHashingAlgorithms.cs:65:16:65:20 | access to local variable bytes : Byte[] | provenance |  |
-| WeakHashingAlgorithms.cs:65:50:65:57 | access to parameter password : String | WeakHashingAlgorithms.cs:65:24:65:58 | call to method GetBytes : Byte[] | provenance | MaD:1869 |
+| WeakHashingAlgorithms.cs:65:50:65:57 | access to parameter password : String | WeakHashingAlgorithms.cs:65:24:65:58 | call to method GetBytes : Byte[] | provenance | MaD:1 |
+models
+| 1 | Summary: System.Text; Encoding; true; GetBytes; (System.String); ; Argument[0]; ReturnValue; taint; manual |
 nodes
 | WeakHashingAlgorithms.cs:52:16:52:20 | access to local variable bytes : Byte[] | semmle.label | access to local variable bytes : Byte[] |
 | WeakHashingAlgorithms.cs:52:24:52:58 | call to method GetBytes : Byte[] | semmle.label | call to method GetBytes : Byte[] |
@@ -15,6 +20,3 @@ nodes
 | WeakHashingAlgorithms.cs:65:50:65:57 | access to parameter password : String | semmle.label | access to parameter password : String |
 | WeakHashingAlgorithms.cs:66:43:66:47 | access to local variable bytes | semmle.label | access to local variable bytes |
 subpaths
-#select
-| WeakHashingAlgorithms.cs:53:42:53:46 | access to local variable bytes | WeakHashingAlgorithms.cs:52:50:52:57 | access to parameter password : String | WeakHashingAlgorithms.cs:53:42:53:46 | access to local variable bytes | Insecure hashing algorithm (MD5) depends on $@. | WeakHashingAlgorithms.cs:52:50:52:57 | access to parameter password | sensitive data (access to parameter password) |
-| WeakHashingAlgorithms.cs:66:43:66:47 | access to local variable bytes | WeakHashingAlgorithms.cs:65:50:65:57 | access to parameter password : String | WeakHashingAlgorithms.cs:66:43:66:47 | access to local variable bytes | Insecure hashing algorithm (SHA1) depends on $@. | WeakHashingAlgorithms.cs:65:50:65:57 | access to parameter password | sensitive data (access to parameter password) |

csharp/test/security/CWE-328/WeakSensitiveDataHashing.qlref

@@ -1 +1,2 @@
-security/CWE-328/WeakSensitiveDataHashing.ql
+query: security/CWE-328/WeakSensitiveDataHashing.ql
+postprocess: TestUtilities/PrettyPrintModels.ql

csharp/test/security/CWE-760/HardcodedSalt.expected

@@ -1,11 +1,16 @@
+#select
+| StaticSalt.cs:14:49:14:52 | access to local variable salt | StaticSalt.cs:13:39:13:54 | "Hardcoded Salt" : String | StaticSalt.cs:14:49:14:52 | access to local variable salt | Use of $@. | StaticSalt.cs:13:39:13:54 | "Hardcoded Salt" | hardcoded salt |
+| StaticSalt.cs:30:49:30:52 | access to local variable salt | StaticSalt.cs:23:12:23:28 | "Hardcoded Salt2" : String | StaticSalt.cs:30:49:30:52 | access to local variable salt | Use of $@. | StaticSalt.cs:23:12:23:28 | "Hardcoded Salt2" | hardcoded salt |
 edges
 | StaticSalt.cs:13:9:13:12 | access to local variable salt : Byte[] | StaticSalt.cs:14:49:14:52 | access to local variable salt | provenance |  |
 | StaticSalt.cs:13:16:13:55 | call to method GetBytes : Byte[] | StaticSalt.cs:13:9:13:12 | access to local variable salt : Byte[] | provenance |  |
-| StaticSalt.cs:13:39:13:54 | "Hardcoded Salt" : String | StaticSalt.cs:13:16:13:55 | call to method GetBytes : Byte[] | provenance | MaD:1869 |
+| StaticSalt.cs:13:39:13:54 | "Hardcoded Salt" : String | StaticSalt.cs:13:16:13:55 | call to method GetBytes : Byte[] | provenance | MaD:1 |
 | StaticSalt.cs:23:12:23:28 | "Hardcoded Salt2" : String | StaticSalt.cs:29:39:29:63 | call to method generateSalt : String | provenance |  |
 | StaticSalt.cs:29:9:29:12 | access to local variable salt : Byte[] | StaticSalt.cs:30:49:30:52 | access to local variable salt | provenance |  |
 | StaticSalt.cs:29:16:29:64 | call to method GetBytes : Byte[] | StaticSalt.cs:29:9:29:12 | access to local variable salt : Byte[] | provenance |  |
-| StaticSalt.cs:29:39:29:63 | call to method generateSalt : String | StaticSalt.cs:29:16:29:64 | call to method GetBytes : Byte[] | provenance | MaD:1869 |
+| StaticSalt.cs:29:39:29:63 | call to method generateSalt : String | StaticSalt.cs:29:16:29:64 | call to method GetBytes : Byte[] | provenance | MaD:1 |
+models
+| 1 | Summary: System.Text; Encoding; true; GetBytes; (System.String); ; Argument[0]; ReturnValue; taint; manual |
 nodes
 | StaticSalt.cs:13:9:13:12 | access to local variable salt : Byte[] | semmle.label | access to local variable salt : Byte[] |
 | StaticSalt.cs:13:16:13:55 | call to method GetBytes : Byte[] | semmle.label | call to method GetBytes : Byte[] |
@@ -17,6 +22,3 @@ nodes
 | StaticSalt.cs:29:39:29:63 | call to method generateSalt : String | semmle.label | call to method generateSalt : String |
 | StaticSalt.cs:30:49:30:52 | access to local variable salt | semmle.label | access to local variable salt |
 subpaths
-#select
-| StaticSalt.cs:14:49:14:52 | access to local variable salt | StaticSalt.cs:13:39:13:54 | "Hardcoded Salt" : String | StaticSalt.cs:14:49:14:52 | access to local variable salt | Use of $@. | StaticSalt.cs:13:39:13:54 | "Hardcoded Salt" | hardcoded salt |
-| StaticSalt.cs:30:49:30:52 | access to local variable salt | StaticSalt.cs:23:12:23:28 | "Hardcoded Salt2" : String | StaticSalt.cs:30:49:30:52 | access to local variable salt | Use of $@. | StaticSalt.cs:23:12:23:28 | "Hardcoded Salt2" | hardcoded salt |

csharp/test/security/CWE-760/HardcodedSalt.qlref

@@ -1 +1,2 @@
-security/CWE-760/HardcodedSalt.ql
+query: security/CWE-760/HardcodedSalt.ql
+postprocess: TestUtilities/PrettyPrintModels.ql